CLAIMS: 



What is claimed is: 

1 1. A method comprising: 

2 operating a first provisioning system authorized to provision a processing device 

3 on a network, wherein the provisioning system is within a trusted environment; and 

4 using the first provisioning system to authorize a second provisioning system 

5 outside the trusted environment to provision the processing device. 

1 2. A method as recited in claim 1, wherein said using the first provisioning system to 

2 authorize a second provisioning system comprises using the first provisioning system 

3 to provision authorization of the second provisioning system in the processing device. 

1 3. A method as recited in claim 2, wherein said using the first provisioning system to 

2 authorize a second provisioning system comprises using the first provisioning system 

3 to send a provisioning message to the processing device, the provisioning message 

4 indicating authorization of the second provisioning system to provision the processing 

5 device. 

1 4. A method as recited in claim 3, wherein the provisioning message further specifies 

2 one or more parameters which the second provisioning system is authorized to 

3 provision. 
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1 5. A method as recited in claim 1, wherein said using the first provisioning system to 

2 authorize a second provisioning system comprises using the first provisioning system 

3 to send a provisioning message to the processing device, the provisioning message 

4 indicating authorization of a plurality of other provisioning systems, including the 

5 second provisioning system, to provision the processing device. 

1 6. A method as recited in claim 5, wherein the provisioning message further specifies 

2 one or more parameters which each of the other provisioning systems is authorized to 

3 provision. 

1 7. A method as recited in claim 1, wherein the processing device is a mobile device on a 

2 wireless network. 

1 8. A method as recited in claim 7, further comprising using a digital signature to 

2 provision the mobile device. 

1 9. A method as recited in claim 8, wherein said using a digital signature to provision 

2 the mobile device comprises using the digital signature to authenticate the source of the 

3 provisioning message. 

1 10. A method as recited in claim 8, further comprising using the first provisioning 

2 system to provision the mobile device with a digital certificate identifying the first 

3 provisioning system. 
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1 11. A method as recited in claim 8, further comprising using the first provisioning 

2 system to provision the mobile device with a digital certificate identifying the second 

3 provisioning system. 

1 12. A method as recited in claim 11, wherein the second provisioning system is on a 

2 second network that is outside the trusted environment and separate from, but coupled 

3 to, the wireless network. 

1 13. A method as recited in claim 12, wherein the first provisioning system has 

2 unrestricted authorization to provision the mobile device, and the authorization of the 

3 second provisioning system to provision the mobile device is regulated from the first 

4 provisioning system. 

1 14. A method as recited in claim 8, further comprising using the first provisioning 

2 system to provision the mobile device with digital certificates identifying a plurality of 

3 other provisioning systems. 

1 15. A method comprising: 

2 operating a primary trusted provisioning domain (TPD); and 

3 using the primary TPD to provision a mobile device on a wireless network by 

4 sending a provisioning message to the mobile device, the provisioning message 

5 specifying a secondary TPD authorized to provision the mobile device and an identifier 

6 of one or more parameters which the secondary TPD is authorized to provision. 
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1 16. A method as recited in claim 15, wherein the primary TPD is within a trusted 

2 environment, and wherein the secondary TPD is outside the trusted environment. 

1 17. A method as recited in claim 16, wherein the secondary TPD communicates with 

2 the mobile device via a second network that is outside the trusted environment. 

1 18. A method as recited in claim 16, further comprising using the primary TPD system 

2 to provision the mobile device with a digital certificate identifying the secondary TPD 

3 to enable the secondary TPD to provision the mobile device using a digital signature. 

1 19. A method as recited in claim 15, wherein the provisioning message specifies a 

2 plurality of secondary TPDs authorized to provision the mobile device and one or more 

3 parameters which each of the secondary TPDs is authorized to provision. 

1 20. A method comprising: 

2 operating a primary provisioning server within a predefined trusted 

3 environment, the primary provisioning server having authorization to provision a 

4 plurality of mobile devices on a wireless network; 

5 using the primary provisioning server to provision a digital certificate of the 

6 primary provisioning server in each of the mobile devices; 

7 using the primary provisioning server to provision a digital certificate of a 

8 secondary provisioning server in the mobile devices, wherein the secondary 

9 provisioning server is on a second network outside the trusted environment; and 
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1 0 using the primary provisioning server to provision the mobile devices with 

1 1 information indicating to the mobile devices authorization of the secondary 

1 2 provisioning server to provision the mobile devices. 

1 21 . A method as recited in claim 20, wherein the primary and secondary provisioning 

2 servers each use their respective digital certificates when provisioning the mobile 

3 devices, to enable the mobile devices to authenticate provisioning messages from the 

4 primary and secondary provisioning servers. 

1 22. A method as recited in claim 20, further comprising using the primary provisioning 

2 server to specify one or more parameters which the secondary provisioning server is 

3 authorized to provision in the mobile devices. 

1 23. A method as recited in claim 20, further comprising using the primary provisioning 

2 server to provision the mobile devices with information indicating authorization of a 

3 plurality of secondary provisioning servers to provision the mobile devices. 

1 24. A method as recited in claim 23, further comprising using the primary provisioning 

2 server to specify one or more parameters which each of the secondary provisioning 

3 servers is authorized to provision in the mobile devices. 
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1 25. A method as recited in claim 24, wherein said using the primary provisioning 

2 server to specify one or more parameters comprises assigning each of the secondary 

3 provisioning servers provisioning authorization of a different scope. 

1 26. A method as recited in claim 20, wherein the primary provisioning server has 

2 unrestricted authorization to provision the mobile devices, and authorization of the 

3 secondary provisioning server to provision the mobile devices is regulated by the 

4 primary provisioning server. 

1 27. A provisioning system comprising: 

2 a processor; 

3 a data communication device coupled to the processor to communicate data with 

4 one or more remote systems; and 

5 a memory coupled to the processor and storing instructions for execution by the 

6 processor to cause the provisioning system to provision a mobile device on a wireless 

7 network by sending a provisioning message to the mobile device, the provisioning 

8 message specifying a second provisioning system authorized to provision the mobile 

9 device and an identifier of one or more parameters which the second provisioning 
0 system is authorized to provision. 
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1 28. A provisioning system as recited in claim 27, wherein said provisioning system is 

2 within a trusted environment, and wherein the second provisioning system is outside 

3 the trusted environment. 

1 29. A provisioning system as recited in claim 28, wherein the second provisioning 

2 system communicates with the mobile device via a second network that is outside the 

3 trusted environment. 

1 30. A provisioning system as recited in claim 28, further comprising using said 

2 provisioning system to provision the mobile device with a digital certificate identifying 

3 the second provisioning system to enable the second provisioning system to provision 

4 the mobile device using a digital signature. 

1 31. A provisioning system as recited in claim 27, wherein the provisioning message 

2 specifies a plurality of secondary provisioning system authorized to provision the 

3 mobile device and one or more parameters which each of the secondary provisioning 

4 system is authorized to provision. 

1 32. A machine-readable program storage medium storing instructions which, when 

2 executed in a processing system, configure the processing system to operate as a 

3 primary provisioning server within a predefined trusted environment, the primary 

4 provisioning server having authorization to provision a plurality of mobile devices on a 
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5 wireless network, such that the instructions configure the processing system to execute 

6 a process comprising: 

7 provisioning a digital certificate of the primary provisioning server in each of the 

8 mobile devices; 

9 provisioning a digital certificate of a secondary provisioning server in the mobile 

1 0 devices, wherein the secondary provisioning server operates outside the trusted 

1 1 environment; and 

1 2 provisioning the mobile devices with information indicating to the mobile 

1 3 devices authorization of the secondary provisioning server to provision the mobile 

1 4 devices. 

1 33. A machine-readable program storage medium as recited in claim 32, wherein the 

2 primary and secondary provisioning servers each use their respective digital certificates 
_ 3 when provisioning the mobile devices, to enable the mobile devices to authenticate 

4 provisioning messages from the primary and secondary provisioning servers. 

1 34. A machine-readable program storage medium as recited in claim 32, wherein the 

2 process further comprises specifying one or more parameters which the secondary 

3 provisioning server is authorized to provision in the mobile devices. 

1 35. A machine-readable program storage medium as recited in claim 32, wherein the 

2 process further comprises provisioning the mobile devices with information indicating 
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3 authorization of a plurality of secondary provisioning servers to provision the mobile 

4 devices. 

1 36. A machine-readable program storage medium as recited in claim 35, wherein the 

2 process further comprises specifying one or more parameters which each of the 

3 secondary provisioning servers is authorized to provision in the mobile devices. 

1 37. A machine-readable program storage medium as recited in claim 36, wherein said 

2 specifying one or more parameters comprises assigning each of the secondary 

3 provisioning servers provisioning authorization of a different scope. 

1 38. A machine-readable program storage medium as recited in claim 32, wherein the 

2 primary provisioning server has unrestricted authorization to provision the mobile 

3 devices, and authorization of the secondary provisioning server to provision the mobile 

4 devices is regulated by the primary provisioning server. 

1 39. An apparatus comprising: 

2 means for operating a first provisioning system authorized to provision a 

3 processing device on a network, wherein the provisioning system is within a trusted 

4 environment; and 

5 means for using the first provisioning system to authorize a second provisioning 

6 system outside the trusted environment to provision the processing device. 
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1 40. A method of operating a mobile device on a wireless network, the method 

2 comprising: 

3 receiving a provisioning message from a first trusted provisioning domain 

4 (TPD), the provisioning message specifying a second TPD and indicating a parameter 

5 which the second TPD is authorized to provision in the mobile device; 

6 storing information identifying the second TPD and the parameter in response to 

7 the provisioning message; and 

8 provisioning the parameter in the mobile device in response to a provisioning 

9 message from the second TPD. 



1 41. A method as recited in claim 40, wherein the first TPD is within a trusted 

2 environment, and the second TPD is outside the trusted environment. 

1 42. A method as recited in claim 41, further comprising: 

2 receiving a digital certificate of the second TPD from the first TPD; and 

3 using the digital certificate in the mobile device to authenticate the provisioning 

4 message from the second TPD. 

1 43. A method as recited in claim 40, wherein the provisioning message specifies a 

2 plurality of secondary TPDs and a parameter which each of the secondary TPDs is 

3 authorized to provision in the mobile device, the method further comprising storing 
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4 information identifying each of the secondary TPDs and the corresponding parameters 

5 in response to the provisioning message. 



1 44. A method of operating a mobile device on a wireless network, the method 

2 comprising: 

3 receiving a provisioning message from a remote source, the provisioning 

4 message specifying a parameter; 

5 determining whether the remote source is a primary trusted provisioning 

6 domain (TPD); 

: 7 if the remote source is the primary TPD, provisioning the parameter in the 

8 mobile device in response to the provisioning message; 

9 if the remote source is not the primary TPD, determining whether the remote 

1 0 source is a secondary TPD authorized to provision the parameter, based on a 

1 1 provisioning authorization previously received by the mobile device from the primary 

12 TPD; and 

1 3 if the remote source is a secondary TPD authorized to provision the parameter, 

1 4 provisioning the parameter in the mobile device in response to the provisioning 

1 5 message. 



1 45. A method as recited in claim 44, wherein the primary TPD operates within a trusted 

2 environment, and the secondary TPD operates outside the trusted environment. 
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1 46. A method as recited in claim 44, further comprising: 

2 receiving a digital certificate of the secondary TPD from the primary TPD; and 

3 using the digital certificate in the mobile device to authenticate the provisioning 

4 message. 

1 47. A method as recited in claim 44, wherein the provisioning message specifies a 

2 plurality of secondary TPDs and a parameter which each of the secondary TPDs is 

3 authorized to provision in the mobile device, the method further comprising storing 

4 information identifying each of the secondary TPDs and the corresponding parameters 

5 in response to the provisioning message. 



1 48. A mobile device configured to operate on a wireless network, the mobile device 

2 comprising: 

3 a processor; 

4 a data communication device coupled to the processor to communicate data with 

5 one or more remote systems via the wireless network; and 

6 a memory coupled to the processor and storing instructions for execution by the 

7 processor to configure the mobile device to execute a process comprising 

8 receiving a provisioning message from a first trusted provisioning domain 

9 (TPD) via the wireless network, the provisioning message specifying a second TPD and 

0 indicating a parameter which the second TPD is authorized to provision in the mobile 

1 device; 
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1 2 storing information identifying the second TPD and the parameter in 

1 3 response to the provisioning message; and 

1 4 provisioning the parameter in the mobile device in response to a 

1 5 provisioning message from the second TPD. 

1 49. A mobile device as recited in claim 48, wherein the first TPD is within a trusted 

2 environment, and the second TPD is outside the trusted environment. 



1 50. A mobile device as recited in claim 49, wherein the process further comprises: 

2 receiving a digital certificate of the second TPD from the first TPD; and 

3 using the digital certificate in the mobile device to authenticate the provisioning 
- 4 message from the second TPD. 

~l \ 51. A mobile device as recited in claim 48, wherein the provisioning message specifies a 

2 plurality of secondary TPDs and a parameter which each of the secondary TPDs is 

" 3 authorized to provision in the mobile device, and wherein the process further 

4 comprises storing information identifying each of the secondary TPDs and the 

5 corresponding parameters in response to the provisioning message. 

1 52. A mobile device configured to operate on a wireless network, the mobile device 

2 comprising: 

3 a processor; 
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4 a data communication device coupled to the processor to communicate data with 

5 one or more remote systems via the wireless network; and 

6 a memory coupled to the processor and storing instructions for execution by the 

7 processor to configure the mobile device to execute a process comprising 

8 receiving a provisioning message from a remote source, the provisioning 

9 message specifying a parameter; 

1 0 determining whether the remote source is a primary trusted provisioning 

1 1 domain (TPD); 

1 2 if the remote source is the primary TPD, provisioning the parameter in the 

1 3 mobile device in response to the provisioning message; 

"14 if the remote source is not the primary TPD, determining whether the remote 

1 5 source is a secondary TPD authorized to provision the parameter, based on a 

1 6 provisioning authorization previously received by the mobile device from the primary 

1 7 TPD; and 

1 8 if the remote source is a secondary TPD authorized to provision the parameter, 

1 9 provisioning the parameter in the mobile device in response to the provisioning 

20 message. 



1 53. A mobile device as recited in claim 52, wherein the primary TPD operates within a 

2 trusted environment, and the secondary TPD operates outside the trusted environment. 

1 54. A mobile device as recited in claim 52, wherein the process further comprises: 
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2 receiving a digital certificate of the secondary TPD from the primary TPD; and 

3 using the digital certificate in the mobile device to authenticate the provisioning 

4 message. 

1 55. A mobile device as recited in claim 52, wherein the provisioning message specifies a 

2 plurality of secondary TPDs and a parameter which each of the secondary TPDs is 

3 authorized to provision in the mobile device, and wherein the process further 

4 comprises storing information identifying each of the secondary TPDs and the 

5 corresponding parameters in response to the provisioning message. 
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